Compliance Need Not Be Complicated or Costly
With LibertyID Business Solutions you are simultaneously improving the safeguards surrounding your consumers’ private data and you are also heading toward your compliant posture in relation to federal and state regulations – including the FTC Safeguard Rules.
While most all states require businesses to develop and implement written information security programs, all financial institutions, regardless of where they are based, are required by federal law to institute similar procedures to safeguard their customers’ personal information.
NEW FTC Safeguard Rules
1. Qualified Individual responsible for developing, overseeing, monitoring, and enforcing your business’ information security program.
2. Periodic risk assessments must be used to guide continued updating and enforcement of your information security program.
3. Implement customer information safeguards to control the risks identified in the risk assessments.
4. Continuous monitoring or annual penetration testing and biannual vulnerability assessments.
5. Implement policies and procedures to ensure employees are properly carrying out the information security program.
6. Dealerships must ensure that service providers or third-parties that have access to their customer information maintain safeguards commiserate with a business’ own information security program.
7. Have a written incident response plan in place to lay out the process for responding to any breach that exposures or compromises customer information that our business maintains.
8. The designated Qualified Individual must report in writing, at least annually, to the dealership’s board of directors or equivalent governing body a formally written report about information security controls.